The hack caused Apple to embark on a series of security changes, which made it harder for remote users to retrieve a password that possibly wasn't theirs. The latest step was to install two-step verification, a new process that sends a code to your device.

But unfortunately Apple's own "iForgot" tool remains online, which allows you to reset a user's password that hasn't upgraded to enable two-step validation. All that is needed is a user's Apple ID, email, and date of birth (the Apple ID arguably being the hardest to obtain, but potentially gained through phishing or other methods).

If you have a list of a person's past addresses (freely available via a variety of private investigator databases), you can get a user's Apple ID via a secondary recovery form on the page.

Step 1: Use the first and last name, plus past addresses to recover the AppleId.

Step 2: Use the email, recovered AppleID, and birth date to reset the password.
[Image Source: 9 to 5 Mac]

The exploit was first reported/validated on by The Verge. 9 to 5 Macwent live with the above description of the exploit, pointing curious folks on where to go to try it out.

In an update The Verge reveals more bad news. The site's Chris Welch writes:

Yesterday a number of users were told they'd need to wait three days before enabling two-step verification. As a result, these accounts are fully vulnerable to the exploit. As of right now, the only surefire way these individuals can avoid the security threat is by change their birthdate on Apple's account settings page.

Changing your birthdate to a fake date would stymie users who snagged your birthdate from various public databases or social media sites like Facebook, Inc. (FB).

BS... you were posting for Apple and only Apple because you saw a negative comment about them so you had to detract from it. If it were Samsung or Google, you would have posted some obscure link to try and make them look worse and you know it. You act like we aren't all aware of your agenda and know you are 100% full of s$%t.

Do think that DT would open a story about a security problem with Google, Android or Samsung with a sentence like this?

quote: Apple, Inc. (AAPL), a company infamous for weak security and brazen arrogance regarding its safety,

This sentence, by using a popular stereotype of Apple that panders to iPhobics, addresses the lowest common denominator in the audience. That's an effective way to generate site traffic and clicks but not particularly good journalism and thus it's perfectly OK to attack any inherent hypocrisy in such stuff. Good journalism tries wherever possible to challenge and stretch it's audience.

If one looks at the balance of stories and especially of comments here on DT what one sees is an imbalance, a skewing towards hostile and abrasive criticism of Apple. There is nothing wrong with that, that's free speech, but equally there is nothing wrong with trying to rebalance the discourse around Apple which is all I am trying to do with my comments which are also just an expression of free speech. Attempts to have a more balanced commentary obviously discomforts some who would prefer to live and think in a bubble of imbalance, who celebrate and embrace a skewed view of Apple and of the tech world.

Encountering heretical views is always most alarming and annoying for those people whose views built on fragile foundations of fact and evidence.

quote: Those companies aren't known for weak security and brazen arrogance

Seriously dude? Samsung? They are historically one of the world's worst offenders of brazen arrogance in copying other technology and calling it their own, long before iStuff or even Apple ever existed. Not to mention their own major security exploit that affects the SIII, NoteII and others that are nearly 4-6 months old (depending on who you ask) and are only now getting around to patching. Come on man, think before you type.

"there is nothing wrong with trying to rebalance the discourse around Apple which is all I am trying to do with my comments "

LOL... That sentence from you is beyond just ironic, it is a straight up bold faced lie (underlined because to simply call it a "bold face lie" seems far too weak of a description). Yes, thank you Tony for bring a balanced debate to the table /facepalm

If you don't like the reporting on the site, maybe you shouldn't be one of the primary people clicking on it eh? I just did a quick google and found a site that would be much more suited to your type of "balance". http://www.ifans.com/forums/